From 65a89ced07bf1f981286cbb9050ef3f3ebfaa07e Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Wed, 27 Nov 2024 10:13:51 -0800
Subject: [PATCH 01/10] chore: zap scan
---
 .gitignore | 1 +
 frontend/nginx.local.conf | 10 ++++++++--
 .../StrDss.Api/Controllers/RentalListingsController.cs | 3 ++-
 server/StrDss.Service/RentalListingService.cs | 2 ++
 4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 023472b8..4ab0f76e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ Scaffolding.txt
 /Test/UITest/Configuration/AppSettings.dev.json
 /Test/UITest/Configuration/AppSettings.test.json
 /Test/UITest/Configuration/AppSettings.uat.json
+zap-results
\ No newline at end of file
diff --git a/frontend/nginx.local.conf b/frontend/nginx.local.conf
index 2ad41448..3af34ac5 100644
--- a/frontend/nginx.local.conf
+++ b/frontend/nginx.local.conf
@@ -41,7 +41,11 @@ http {
 # See http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
 server_tokens off;
-
+ # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Allow
+ # add_header Allow "GET, HEAD" always;
+ if ( $request_method !~ ^(GET|HEAD)$ ) {
+ return 405;
+ }
 # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 add_header strict-transport-security 'max-age=15768000; includeSubDomains; preload';
@@ -80,7 +84,9 @@ http {
 include /nginx/nginx.conf;
 location / {
- root /nginx/html;
+ limit_except GET POST {
+ deny all;
+ }
 root /nginx/html;
 index index.html index.htm;
 sub_filter '' '';
diff --git a/server/StrDss.Api/Controllers/RentalListingsController.cs b/server/StrDss.Api/Controllers/RentalListingsController.cs
index 380be807..6e14c873 100644
--- a/server/StrDss.Api/Controllers/RentalListingsController.cs
+++ b/server/StrDss.Api/Controllers/RentalListingsController.cs
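Review bot: The `if ( $request_method !~ ^(GET|HEAD)$ ) { return 405; }` in the first hunk already rejects POST, so the `limit_except GET POST { deny all; }` added in the second hunk under `location /` can never see a POST if the `if` sits in an enclosing server block — the two allow-lists disagree and one of them is dead, and they also answer differently (405 versus 403). nginx does not accept `if` directly in the `http` context either, so where this block actually lives needs confirming; the enclosing block starts and ends outside both hunks. The 405 is sent without an `Allow` header because `# add_header Allow "GET, HEAD" always;` is left commented out, and `always` is exactly what makes the header apply to a `return 405` response. If GET/HEAD-only is intended, uncomment that line and drop the `limit_except`; if POST must reach this origin, widen the regex to `^(GET|HEAD|POST)$` so the two rules agree.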
@@ -177,7 +177,8 @@ public async Task ConfirmAddress(long rentalListingId)
 [ApiAuthorize]
 [HttpGet("addresses/candidates")]
 public async Task>> GetAddressCandidates(string addressString)
- {
+ {
+ CommonUtils.SanitizeObject(addressString);
 var addresses = await _listingService.GetAddressCandidatesAsync(addressString, 3);
 return Ok(addresses);
 }
diff --git a/server/StrDss.Service/RentalListingService.cs b/server/StrDss.Service/RentalListingService.cs
index 9e77e093..1b36d622 100644
--- a/server/StrDss.Service/RentalListingService.cs
+++ b/server/StrDss.Service/RentalListingService.cs
@@ -465,6 +465,8 @@ public async Task>> ConfirmAddressAsync(long ren
 public async Task>> UpdateAddressAsync(UpdateListingAddressDto dto)
 {
+ CommonUtils.SanitizeObject(dto);
+
 var errors = new Dictionary>();
 var listing = await _listingRepo.GetRentalListing(dto.RentalListingId, false);
From 0df3eb1f16aa8ffcc17dcc03db49f65737718617 Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Wed, 27 Nov 2024 11:02:23 -0800
Subject: [PATCH 02/10] chore: zap api scan
---
 .github/workflows/zap-api-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/zap-api-scan.yml b/.github/workflows/zap-api-scan.yml
index efc8e313..7a611850 100644
--- a/.github/workflows/zap-api-scan.yml
+++ b/.github/workflows/zap-api-scan.yml
@@ -6,7 +6,7 @@ on:
 spec_url:
 type: string
 description: The URL of the OpenAPI/GraphQL spec
- default: https://dev.strdata.gov.bc.ca/api/swagger/strdata/swagger.json
+ default: https://uat.strdata.gov.bc.ca/api/swagger/strdata/swagger.json
 auth_header_name:
 type: string
 description: The name of the authentication header
From 9b206bfac9833eecfa7b6d132f7eb4b99ecccfdc Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Wed, 27 Nov 2024 11:05:20 -0800
Subject: [PATCH 03/10] chore: zap api scan - back to dev
---
 .github/workflows/zap-api-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
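Review bot: `CommonUtils.SanitizeObject(addressString);` discards its return value, and a C# `string` is immutable with no settable properties, so whatever SanitizeObject does in place cannot change `addressString`; the very next line still passes the original query text to `GetAddressCandidatesAsync`. If SanitizeObject returns the sanitized value, assign it back (`addressString = CommonUtils.SanitizeObject(addressString);` or the string-returning helper the project uses); if it only mutates reference types via their properties, this call is a no-op and the ZAP finding it was meant to address is still open. The `UpdateAddressAsync` hunk on this same line passes a DTO, where in-place mutation can work, so that call is not affected by this point. I cannot see SanitizeObject's signature here, so please check which case applies.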
diff --git a/.github/workflows/zap-api-scan.yml b/.github/workflows/zap-api-scan.yml
index 7a611850..efc8e313 100644
--- a/.github/workflows/zap-api-scan.yml
+++ b/.github/workflows/zap-api-scan.yml
@@ -6,7 +6,7 @@ on:
 spec_url:
 type: string
 description: The URL of the OpenAPI/GraphQL spec
- default: https://uat.strdata.gov.bc.ca/api/swagger/strdata/swagger.json
+ default: https://dev.strdata.gov.bc.ca/api/swagger/strdata/swagger.json
 auth_header_name:
 type: string
 description: The name of the authentication header
From fbc7eb66e6690388233b2cb6f9e50025b9288e29 Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Wed, 27 Nov 2024 12:25:32 -0800
Subject: [PATCH 04/10] chore: zap api scan
---
 .github/workflows/zap-api-scan.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/zap-api-scan.yml b/.github/workflows/zap-api-scan.yml
index efc8e313..a28225b6 100644
--- a/.github/workflows/zap-api-scan.yml
+++ b/.github/workflows/zap-api-scan.yml
@@ -3,6 +3,10 @@ name: Run ZAP API Scan
 on:
 workflow_dispatch:
 inputs:
+ host_url:
+ type: string
+ description: The URL of the host to scan
+ default: https://uat.strdata.gov.bc.ca
 spec_url:
 type: string
 description: The URL of the OpenAPI/GraphQL spec
@@ -41,4 +45,4 @@ jobs:
 format: openapi
 target: ${{ github.event.inputs.spec_url }}
 rules_file_name: '.zap/rules.tsv'
- cmd_options: '-a'
\ No newline at end of file
+ cmd_options: '-o {{ github.event.inputs.host_url }}'
\ No newline at end of file
From 5c508f5f3a4cfc58022b99ca0e480cf3dac9e21c Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Wed, 27 Nov 2024 12:27:14 -0800
Subject: [PATCH 05/10] chore: zap api scan
---
 .github/workflows/zap-api-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/zap-api-scan.yml b/.github/workflows/zap-api-scan.yml
index a28225b6..7beb1e50 100644
--- a/.github/workflows/zap-api-scan.yml
+++ b/.github/workflows/zap-api-scan.yml
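Review bot: `cmd_options: '-o {{ github.event.inputs.host_url }}'` is handed to ZAP as a literal string, because GitHub only expands expressions written as `${{ … }}`; the `target: ${{ github.event.inputs.spec_url }}` line two above shows the correct form. The same missing `$` survives into patch 05's hunk (`-O {{ … }}`), and patch 06 then removes the `host_url` input and hardcodes `-O https://uat.strdata.gov.bc.ca`, which gives up the per-run host selection the input was added for. Keeping the input and writing `cmd_options: '-O ${{ github.event.inputs.host_url }}'` would do what the series was aiming at. After patch 06 the spec is fetched from the `dev` default while the host override points at `uat`; if that pairing is intentional, a short comment next to `cmd_options` saying so would spare the next reader the guess.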
@@ -45,4 +45,4 @@ jobs:
 format: openapi
 target: ${{ github.event.inputs.spec_url }}
 rules_file_name: '.zap/rules.tsv'
- cmd_options: '-o {{ github.event.inputs.host_url }}'
\ No newline at end of file
+ cmd_options: '-O {{ github.event.inputs.host_url }}'
\ No newline at end of file
From ee7bbb8c5e3fbd17bf16d5739fcdf8d917e7d588 Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Wed, 27 Nov 2024 12:31:24 -0800
Subject: [PATCH 06/10] chore: zap api scan
---
 .github/workflows/zap-api-scan.yml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/.github/workflows/zap-api-scan.yml b/.github/workflows/zap-api-scan.yml
index 7beb1e50..650dcb9e 100644
--- a/.github/workflows/zap-api-scan.yml
+++ b/.github/workflows/zap-api-scan.yml
@@ -3,10 +3,6 @@ name: Run ZAP API Scan
 on:
 workflow_dispatch:
 inputs:
- host_url:
- type: string
- description: The URL of the host to scan
- default: https://uat.strdata.gov.bc.ca
 spec_url:
 type: string
 description: The URL of the OpenAPI/GraphQL spec
@@ -45,4 +41,4 @@ jobs:
 format: openapi
 target: ${{ github.event.inputs.spec_url }}
 rules_file_name: '.zap/rules.tsv'
- cmd_options: '-O {{ github.event.inputs.host_url }}'
\ No newline at end of file
+ cmd_options: '-O https://uat.strdata.gov.bc.ca'
\ No newline at end of file
From a9d17d7e4f19e1543ea1179702dde8cc60fed186 Mon Sep 17 00:00:00 2001
From: Oleksandr Bohuslavskyi
Date: Wed, 27 Nov 2024 17:07:37 -0600
Subject: [PATCH 07/10] DSS-1043: revert takedown request editor
---
 .../bulk-takedown-request.component.html | 30 +++++++------------
 .../bulk-takedown-request.component.ts | 14 +++------
 .../delisting-request.component.html | 27 +++++------------
 .../delisting-request.component.ts | 6 ----
 4 files changed, 21 insertions(+), 56 deletions(-)
diff --git a/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.html b/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.html index d7de89dc..3094dd9b 100644 --- a/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.html +++ b/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.html @@ -116,29 +116,19 @@

Takedown Requests for each platform are aggregated into a CSV file and sent
- +
- - - - - - - - - - - - - {{(commentControl.getRawValue() - || '').length}}/2000 + + {{textarea.value.length}}/2000
-
- Details of the +
+ Details of the request are required
diff --git a/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.ts b/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.ts index dfc76a6e..09c8f740 100644 --- a/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.ts +++ b/frontend/src/app/features/components/bulk-takedown-request/bulk-takedown-request.component.ts @@ -18,7 +18,6 @@ import { validateEmailListString } from '../../../common/consts/validators.const import { ErrorHandlingService } from '../../../common/services/error-handling.service'; import { GlobalLoaderService } from '../../../common/services/global-loader.service'; import { ListingTableRow } from '../../../common/models/listing-table-row'; -import { EditorModule, EditorTextChangeEvent } from 'primeng/editor'; @Component({ selector: 'app-bulk-takedown-request', @@ -34,7 +33,6 @@ import { EditorModule, EditorTextChangeEvent } from 'primeng/editor'; DialogModule, ChipsModule, ReactiveFormsModule, - EditorModule, ], templateUrl: './bulk-takedown-request.component.html', styleUrl: './bulk-takedown-request.component.scss' @@ -64,7 +62,7 @@ export class BulkTakedownRequestComponent implements OnInit { public get isWithStandardDetailControl(): AbstractControl { return this.myForm.controls['isWithStandardDetail']; } - public get commentControl(): AbstractControl { + public get customDetailTxtControl(): AbstractControl { return this.myForm.controls['customDetailTxt']; } @@ -95,10 +93,6 @@ export class BulkTakedownRequestComponent implements OnInit { }); } - onEditorChanged(_: EditorTextChangeEvent): void { - this.commentControl.updateValueAndValidity(); - } - onSort(property: keyof ListingDetails): void { if (this.sort) { if (this.sort.prop === property) { 
@@ -155,11 +149,11 @@ export class BulkTakedownRequestComponent implements OnInit { onWithStandardDetailChanged(value: CheckboxChangeEvent): void { if (value.checked) - this.commentControl.removeValidators([Validators.required]); + this.customDetailTxtControl.removeValidators([Validators.required]); else - this.commentControl.addValidators([Validators.required]); + this.customDetailTxtControl.addValidators([Validators.required]); - this.commentControl.updateValueAndValidity(); + this.customDetailTxtControl.updateValueAndValidity(); this.myForm.updateValueAndValidity(); } diff --git a/frontend/src/app/features/components/delisting-request/delisting-request.component.html b/frontend/src/app/features/components/delisting-request/delisting-request.component.html index 7ec0071d..5fa1855f 100644 --- a/frontend/src/app/features/components/delisting-request/delisting-request.component.html +++ b/frontend/src/app/features/components/delisting-request/delisting-request.component.html @@ -85,28 +85,15 @@

Add Details of your request

- +
- - - - - - - - - - - - - {{(customDetailTxtControl.getRawValue() - || '').length}}/2000 + + {{textarea.value.length}}/2000
diff --git a/frontend/src/app/features/components/delisting-request/delisting-request.component.ts b/frontend/src/app/features/components/delisting-request/delisting-request.component.ts index c6076423..3bc588a0 100644 --- a/frontend/src/app/features/components/delisting-request/delisting-request.component.ts +++ b/frontend/src/app/features/components/delisting-request/delisting-request.component.ts @@ -22,7 +22,6 @@ import { InputNumberModule } from 'primeng/inputnumber'; import { GlobalLoaderService } from '../../../common/services/global-loader.service'; import { forkJoin } from 'rxjs'; import { ErrorHandlingService } from '../../../common/services/error-handling.service'; -import { EditorModule, EditorTextChangeEvent } from 'primeng/editor'; @Component({ selector: 'app-delisting-request', @@ -41,7 +40,6 @@ import { EditorModule, EditorTextChangeEvent } from 'primeng/editor'; TooltipModule, ButtonModule, ToastModule, - EditorModule, ], templateUrl: './delisting-request.component.html', styleUrl: './delisting-request.component.scss' @@ -153,10 +151,6 @@ export class DelistingRequestComponent implements OnInit { } } - onEditorChanged(_: EditorTextChangeEvent): void { - this.customDetailTxtControl.updateValueAndValidity(); - } - onPreviewClose(): void { this.isPreviewVisible = false; } From 06cd4d152672e7d3a0c747aec838bc9e0f876eea Mon Sep 17 00:00:00 2001 From: ychung-mot Date: Wed, 27 Nov 2024 15:46:08 -0800 Subject: [PATCH 08/10] feat(dss-969) --- .../StrDss.Data/Repositories/RentalListingRepository.cs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/server/StrDss.Data/Repositories/RentalListingRepository.cs b/server/StrDss.Data/Repositories/RentalListingRepository.cs index 5528d266..350db0c5 100644 --- a/server/StrDss.Data/Repositories/RentalListingRepository.cs +++ b/server/StrDss.Data/Repositories/RentalListingRepository.cs 
@@ -221,14 +221,14 @@ private static void ApplyFilters(string? all, string? address, string? url, stri
 if (hostName != null && hostName.IsNotEmpty())
 {
- var hostNameLower = hostName.ToLower();
- query = query.Where(x => x.ListingContactNamesTxt != null && x.ListingContactNamesTxt.ToLower().Contains(hostNameLower));
+ var effectiveHostNm = CommonUtils.SanitizeAndUppercaseString(hostName);
+ query = query.Where(x => x.EffectiveHostNm != null && x.EffectiveHostNm.StartsWith(effectiveHostNm));
 }
 if (businessLicence != null && businessLicence.IsNotEmpty())
 {
- var businessLicenceLower = businessLicence.ToLower();
- query = query.Where(x => x.BusinessLicenceNo != null && x.BusinessLicenceNo.ToLower().Contains(businessLicenceLower));
+ var effectiveBusinessLicenceNo = CommonUtils.SanitizeAndUppercaseString(businessLicence);
+ query = query.Where(x => x.EffectiveBusinessLicenceNo != null && x.EffectiveBusinessLicenceNo.StartsWith(effectiveBusinessLicenceNo));
 }
 if (prRequirement != null)
@@ -245,7 +245,6 @@ private static void ApplyFilters(string? all, string? address, string? url, stri
 : x.IsBusinessLicenceRequired == null || x.IsBusinessLicenceRequired == false);
 }
-
 if (reassigned != null && reassigned.Value == false)
 {
 reassigned = null;
From 7a2bb610debc6745b3207b42e381a657cac55f21 Mon Sep 17 00:00:00 2001
From: ychung-mot
Date: Thu, 28 Nov 2024 08:09:40 -0800
Subject: [PATCH 09/10] chore: fix host search
---
 server/StrDss.Data/Repositories/RentalListingRepository.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/StrDss.Data/Repositories/RentalListingRepository.cs b/server/StrDss.Data/Repositories/RentalListingRepository.cs
index 350db0c5..b76a49f9 100644
--- a/server/StrDss.Data/Repositories/RentalListingRepository.cs
+++ b/server/StrDss.Data/Repositories/RentalListingRepository.cs
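Review bot: `x.EffectiveHostNm.StartsWith(effectiveHostNm)` (and `x.EffectiveBusinessLicenceNo.StartsWith(effectiveBusinessLicenceNo)` in the same hunk) silently turns into "every row with a non-null value" whenever `CommonUtils.SanitizeAndUppercaseString` strips the input down to an empty string, because `StartsWith("")` is always true; the `IsNotEmpty()` guards only look at the raw input, not the normalized one. That is a change from the old `Contains` code, where a garbage search term at least still had to appear in the column. Decide explicitly what an all-stripped term means and check the normalized value, e.g. `if (effectiveHostNm.Length > 0) query = query.Where(…);` or a "match nothing" branch, rather than letting the filter widen. The switch from substring to prefix matching is also a user-visible semantics change worth a one-line comment on the `StartsWith` line; `ApplyFilters` starts and ends outside the hunk. I cannot see SanitizeAndUppercaseString here, so whether it can return an empty string needs confirming.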
@@ -198,7 +198,7 @@ private static void ApplyFilters(string? all, string? address, string? url, stri
 (x.PlatformListingUrl != null && x.PlatformListingUrl.ToLower().Contains(allLower)) ||
 (x.PlatformListingNo != null && x.PlatformListingNo.ToLower().Contains(allLower)) ||
 (x.ListingContactNamesTxt != null && x.ListingContactNamesTxt.ToLower().Contains(allLower)) ||
- (x.BusinessLicenceNo != null && x.BusinessLicenceNo.ToLower().Contains(allLower)));
+ (x.EffectiveBusinessLicenceNo != null && x.EffectiveBusinessLicenceNo.StartsWith(CommonUtils.SanitizeAndUppercaseString(all))));
 }
 if (address != null && address.IsNotEmpty())
@@ -221,8 +221,8 @@ private static void ApplyFilters(string? all, string? address, string? url, stri
 if (hostName != null && hostName.IsNotEmpty())
 {
- var effectiveHostNm = CommonUtils.SanitizeAndUppercaseString(hostName);
- query = query.Where(x => x.EffectiveHostNm != null && x.EffectiveHostNm.StartsWith(effectiveHostNm));
+ var hostNameLower = hostName.ToLower();
+ query = query.Where(x => x.ListingContactNamesTxt != null && x.ListingContactNamesTxt.ToLower().Contains(hostNameLower));
 }
 if (businessLicence != null && businessLicence.IsNotEmpty())
From 21da7128a2364316902453496ae5370e48080a48 Mon Sep 17 00:00:00 2001
From: Oleksandr Bohuslavskyi
Date: Mon, 2 Dec 2024 12:17:34 -0600
Subject: [PATCH 10/10] DSS-1041: STRAA Exempt and IsActive flags for Jurisdictions
---
 .../src/app/common/models/jurisdiction.ts | 4 +++
 .../manage-jurisdictions.component.html | 15 +++++++--
 ...te-jurisdiction-information.component.html | 33 +++++++++++++++++--
 ...date-jurisdiction-information.component.ts | 6 ++++
 4 files changed, 53 insertions(+), 5 deletions(-)
diff --git a/frontend/src/app/common/models/jurisdiction.ts b/frontend/src/app/common/models/jurisdiction.ts
index c379a62e..d29cf9e3 100644
--- a/frontend/src/app/common/models/jurisdiction.ts
+++ b/frontend/src/app/common/models/jurisdiction.ts
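Review bot: `x.EffectiveBusinessLicenceNo.StartsWith(CommonUtils.SanitizeAndUppercaseString(all))` calls the normalizer inside the expression tree, whereas the sibling terms of the same `||` chain use the precomputed `allLower`; EF Core can evaluate a closure-only call client-side, but hoisting it — `var allNormalized = CommonUtils.SanitizeAndUppercaseString(all);` before the `Where`, then `StartsWith(allNormalized)` — keeps the predicate readable and makes the empty-normalized case (where `StartsWith("")` matches every non-null licence) easy to guard, as the hostName branch in patch 08 did. The `all` search now mixes substring matching on the other columns with prefix matching on the licence number, which is surprising from a single search box; if that is intentional, a one-line comment on the changed line saying why would help. The enclosing `Where` lambda and `ApplyFilters` both start outside the hunk.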
@@ -24,10 +24,12 @@ export interface Jurisdiction { shapeFileId: string; isPrincipalResidenceRequired: boolean; isStrProhibited: boolean; + isStraaExempt: boolean; isBusinessLicenceRequired: boolean; economicRegionDsc: string; managingOrganizationId: number; updDtm: string; + isActive: boolean; } export interface JurisdictionUpdate { @@ -35,7 +37,9 @@ export interface JurisdictionUpdate { managingOrganizationId: number; isPrincipalResidenceRequired: boolean; isStrProhibited: boolean; + isStraaExempt: boolean; isBusinessLicenceRequired: boolean; economicRegionDsc: string; updDtm: string; + isActive: boolean; } \ No newline at end of file diff --git a/frontend/src/app/features/components/manage-jurisdictions/manage-jurisdictions.component.html b/frontend/src/app/features/components/manage-jurisdictions/manage-jurisdictions.component.html index 0a33c9e6..2a03e6cb 100644 --- a/frontend/src/app/features/components/manage-jurisdictions/manage-jurisdictions.component.html +++ b/frontend/src/app/features/components/manage-jurisdictions/manage-jurisdictions.component.html @@ -91,7 +91,7 @@

Manage Jurisdictions

Principle Residence Requirement? + (click)="onSortSub('isPrincipalResidenceRequired')">PR Requirement Manage Jurisdictions

STR Prohibited? + (click)="onSortSub('isStrProhibited')">STR Prohibited + STRAA Exempt + + + BL Requirement? + (click)="onSortSub('isBusinessLicenceRequired')"> BL Requirement Manage Jurisdictions {{jurisdiction.shapeFileId || '-'}} {{jurisdiction.isPrincipalResidenceRequired?'Yes':'No'}} {{jurisdiction.isStrProhibited?'Yes':'No'}} + {{jurisdiction.isStraaExempt?'Yes':'No'}} {{jurisdiction.isBusinessLicenceRequired?'Yes':'No'}} Update Jurisdiction Information
- +
Update Jurisdiction Information
+
+
+
+
+ +
+
+   + +
+
+
+
@@ -105,7 +120,21 @@

Update Jurisdiction Information

- +
+
+
+
+ +
+
+   + +
+
+
+
diff --git a/frontend/src/app/features/components/manage-jurisdictions/update-jurisdiction-information/update-jurisdiction-information.component.ts b/frontend/src/app/features/components/manage-jurisdictions/update-jurisdiction-information/update-jurisdiction-information.component.ts index 92c2ba4d..4115386e 100644 --- a/frontend/src/app/features/components/manage-jurisdictions/update-jurisdiction-information/update-jurisdiction-information.component.ts +++ b/frontend/src/app/features/components/manage-jurisdictions/update-jurisdiction-information/update-jurisdiction-information.component.ts @@ -77,8 +77,10 @@ export class UpdateJurisdictionInformationComponent implements OnInit { managingOrganizationId: number; isPrincipalResidenceRequired: boolean; isStrProhibited: boolean; + isStraaExempt: boolean; isBusinessLicenceRequired: boolean; economicRegionDsc: string; + isActive: boolean; } = this.myForm.getRawValue(); const jurisdictionUpdate: JurisdictionUpdate = { @@ -87,8 +89,10 @@ export class UpdateJurisdictionInformationComponent implements OnInit { isBusinessLicenceRequired: formValue.isBusinessLicenceRequired, isPrincipalResidenceRequired: formValue.isPrincipalResidenceRequired, isStrProhibited: formValue.isStrProhibited, + isStraaExempt: formValue.isStraaExempt, managingOrganizationId: formValue.managingOrganizationId, updDtm: this.jurisdiction.updDtm, + isActive: formValue.isActive, }; this.loaderService.loadingStart(); 
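Review bot: The inline structural type on `formValue` in the first hunk of this file now repeats the model's flag fields by hand (`isStraaExempt: boolean;` and `isActive: boolean;` are the additions), so it will drift again the next time a jurisdiction flag is added. Since every listed field is already declared on `Jurisdiction`, `Pick<Jurisdiction, 'managingOrganizationId' | 'isPrincipalResidenceRequired' | 'isStrProhibited' | 'isStraaExempt' | 'isBusinessLicenceRequired' | 'economicRegionDsc' | 'isActive'>` expresses the same shape from the model, and the annotation is only needed because `getRawValue()` on an untyped form group is not narrowed. The start of the annotation is outside the hunk, so there may be more members than listed here.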
@@ -138,8 +142,10 @@ export class UpdateJurisdictionInformationComponent implements OnInit { managingOrganizationId: [this.jurisdiction.managingOrganizationId, [Validators.required]], isPrincipalResidenceRequired: [this.jurisdiction.isPrincipalResidenceRequired || false, [Validators.required]], isStrProhibited: [this.jurisdiction.isStrProhibited || false, [Validators.required]], + isStraaExempt: [this.jurisdiction.isStraaExempt || false, [Validators.required]], isBusinessLicenceRequired: [this.jurisdiction.isBusinessLicenceRequired || false, [Validators.required]], economicRegionDsc: [this.jurisdiction.economicRegionDsc, [Validators.required]], + isActive: [this.jurisdiction.isActive || false, [Validators.required]], }); this.cd.detectChanges();
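Review bot: `isActive: [this.jurisdiction.isActive || false, [Validators.required]]` defaults a missing flag to `false`, so if the API does not yet return `isActive` for existing jurisdictions (the field is new in this series' `jurisdiction.ts` hunk), opening the form and saving without touching that control would deactivate the record through the `isActive: formValue.isActive` line in the earlier hunk. If an edited jurisdiction should stay active unless someone unticks it, `this.jurisdiction.isActive ?? true` is the safer default; `?? false` is fine only once the backend is confirmed to always populate the field. Which applies depends on the API contract, which is not visible here; the enclosing method starts outside the hunk.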